<?php
include_once "RequestInit.php";
// test for username & password form parameters
$userNameVar ="";
$passwordVar ="";
$userToken="";
if(!isset($_REQUEST['username']) || !isset($_REQUEST['password']))
{
	header('HTTP/1.1 500 User name/password is a required field');
	exit;
} else 
{
	$userNameVar = $_REQUEST['username'];
	$passwordVar = $_REQUEST['password'];
}

$userId=0;
$hasUser = false;
$isLegitPassword = false;


// test user name and password
// send 500 error if failure
$sql = "select food_entry_user_id 
		from food_entry_user
  		 where active_flag = 'Y' 
		   and upper(user_name) = upper(:uName)
    	 and password =:password";
    							 		
 $ps = $dbConn->prepare($sql);
 $ps->bindParam(":uName", $userNameVar);
 $ps->bindParam(":password", $passwordVar);
 $ps->execute();
 
while ($row = $ps->fetch(PDO::FETCH_ASSOC))
{
	$userId =  $row['food_entry_user_id'];
}
    							 		
if($userId == 0)
{
	header('HTTP/1.1 500 Invalid user name and/or password please check the parameters and try again');
	exit;
} 
// persist userId
$_SESSION['userId'] = $userId;
// generate token and send it to the front end
$_SESSION['userToken'] = substr(md5(rand()), 0, 14);
echo $_SESSION['userToken'];
include_once "RequestCleanup.php";
?>
